Privacy Code

Privacy Statement

Lakeland Credit Union is committed to protecting the personal information of credit union members, employees, and other individuals. In order to protect all personal information collected, used, or disclosed by Lakeland Credit Union, we have adopted the Credit Union Code for the Protection of Personal Information.

On our website, we only collect personal information required to improve the services we offer, to improve our site content and, with your permission, to contact you with information about our services. We will not share any personal information obtained on this website with any other organization without your express knowledge and consent.

For more information on our web site Privacy Statement, please read below.

Accountability

Credit unions are accountable for all personal information in their control. Credit unions will designate one or more persons to be accountable for compliance with this privacy code.

1) Ultimate accountability for Lakeland Credit Union’s compliance with the principles rests with the Lakeland Credit Union Board of Directors, who delegate day-to-day accountability to a Privacy Officer. Other persons within Lakeland Credit Union may be accountable for the day-to-day collection and processing of personal information, or to act on behalf of the designated individual.

2) Credit unions will identify to staff and to members the person (persons) who is (are) responsible for the day-to-day procedures of compliance (see also 8.2).

3) Credit unions accept responsibility for personal information that has been disclosed to a third party in order to deliver a product or service. Credit unions will safeguard the privacy of this personal information through a contract or other means with the third party.

4) To practice the principles of this privacy code, credit unions will:

Establish day to day procedures to protect the privacy of personal information,

Receive and respond to members’ questions,

Train staff to understand and follow privacy procedures, and

Oversee compliance with an annual review of procedures.

Identifying Purposes

Credit unions will identify the purposes of collecting personal information, before or when the member provides it.

1) The Lakeland Credit Union will document the purposes for which personal information is collected prior to the information being collected.

2) The credit union will ensure that the member information is readily available to the member (see 2.4) disclosing the purposes for which personal information is collected, including use by third parties.

3) The credit union will collect and use personal information for the following purposes (NOTE; the following purposes are guidelines. Credit unions should determine if these purposes fit with their practices):

To meet regulatory and legal requirements

To establish your identification

To protect you and us from illegal activity

To determine the suitability of products and services to you, and your eligibility for products and services (Including determining your eligibility for credit and receiving and exchanging credit information on an ongoing basis with other credit suppliers and credit reporting agencies)

To operate and administer products and services, which you have requested, including providing information to related services providers involved in the operation and the administration of those services on behalf of us.

To provide you with information or advice on products and services that may be of interest to you (whether you have currently have a product or service with us.)

To conduct research to assist us in designing products and services, and determining products and services that may be of interest to you, and to obtain your feedback on current products and services.

To disclose information to third parties in connection with the ongoing management of our assets (including the assignment or sale of loans), and the further subsequent collection, use or disclosure of that information by those third parties and any of their agents; or, assignees for the purposes of managing those assets.

To provide ombudsman or mediation services to address concerns with CU products or services raised by you.

4) The identified purpose should be communicated directly to the member from whom personal information is being collected. This can be done orally, electronically, or in writing.

5) When personal information that has been collected is to be used for a purpose not previously identified, the new purpose shall be identified and the member’s consent will be received before the information is used. If the new use is required by law the member’s consent will not be required.

Consent

The knowledge and consent of the member is required for the collection, use, or disclosure of personal information except where inappropriate.

Note: In certain circumstances personal information may be collected, used, or disclosed without the knowledge or consent of the Member. These circumstances include, but are not limited to:

Where clearly in the interests of the Member and consent cannot be obtained in a timely way;

To avoid compromising information availability or accuracy and if reasonable to investigate a breach of an agreement or a contravention of the laws of Canada or a province;

Where the information is considered by law to be publicly available;

To act in respect of an emergency that threatens the life, health or security of a Member;

To investigate an offence under the laws of Canada, a threat to Canada’s security, to comply with a subpoena, warrant or court order, or rules of court relating to the production of records, or otherwise as required by law.

Collecting a debt

1) At the time the credit union collects personal information, the member’s consent will be required before or when the personal information is collected, used, or disclosed.

Sometimes, credit unions may seek consent to use and disclose personal information after it has been collected. This can happen when the credit union wants to use the information for a purpose that was not previously identified to the member.

Credit unions may choose to collect, use, or disclose personal information without the member’s consent for the collection of overdue accounts, legal or security reasons.

2) The credit union will make a reasonable effort to communicate the purpose for collecting, using and disclosing information in a clear and understandable way so as not to deceive. The credit union will explain to members how personal information will be used or disclosed before consent is received.

3) Credit unions may not, as a condition of the supply of a product or service, require a member to consent to the collection, use, or disclosure of information beyond that required to fulfill explicitly specified and legitimate purposes.

4) In determining the form of consent to use, Lakeland Credit Union will take into account the sensitivity of the information. Although some information (for example, medical and financial records) is almost always considered to be sensitive, any information can be sensitive depending on the context.

Members can give consent:

In writing, such as when completing and signing an application;

Through inaction, such as failing to check a box indicating that they do not wish their names and addresses to be used for optional purposes;

Orally, such as when information is collected over the telephone or in person;

At the time they use a product or service; and

Through an authorized representative (such as a legal guardian or a person having power of attorney).

5) The credit union may collect, use, or disclose personal information without the knowledge and consent of the member when legal, security, or certain processing reasons make it impossible or impractical to get this consent.

For example:

Consent will not be obtained when personal information is collected, used or disclosed to:

Detect and prevent fraud,

Collect overdue accounts,

Comply with the law.

Consent may not be possible or appropriate when the member is a minor, seriously ill, or mentally incapacitated

Consent will not be obtained, and will be implied when personal information is given to suppliers or agents of the credit union who need it to carry out functions that would reasonably be expected to be required in connection with a service. For example; processing functions, such as data processing or the printing of cheques and credit cards.

When the credit union obtains customer lists from another organization, the credit union will assume that the organization providing the personal information obtained the consent of persons who appear on the list before disclosing it to the credit union.

6) Subject to legal and contractual restrictions on the credit union, members can withdraw consent to the use or disclosure of information for a particular purpose at any time as long as:

Reasonable notice of the withdrawal is given to the credit union in writing,

Consent does not relate to a credit product when the credit union must collect and report information after credit has been granted.

The credit union will let the member know the consequences of withdrawing consent when members seek to do so. Withdrawing consent to collect, use, or disclose personal information could mean that the credit union cannot provide the member with some product, service, information of value, or even continued membership.

Limiting Collection

Credit unions will limit the amount and type of personal information that is collected to the purposes already identified to the member. Credit unions will collect personal information using procedures that are fair and lawful.

1) The credit union will collect only the amount and type of information needed for the purposes identified to the member, in accordance with the credit union’s policies and procedures.

2) Credit unions will collect personal information by fair and lawful means, and not by misleading or deceiving members about the purpose for which information is being collected.

Limiting Use, disclosure, and Retention

Credit unions will use or disclose personal information only for the purposes it was collected, unless a member gives consent to use or disclose it for another purpose or as required by law.

Credit unions will keep personal information only as long as necessary for the identified purposes or as required by law.

1) The credit union may disclose personal information without consent when required by law. For example:

Subpoenas,

Search warrants,

Other court and government orders,

Demands from other parties who have a legal right to personal information.

2) In these circumstances, the credit union will protect the interests of members by taking precautionary steps to ensure that:

Orders or demands appear to comply with the laws under which they were issued,

Only the personal information that is legally required is disclosed, and nothing more,

Credit unions will not comply with casual requests for personal information from government or law enforcement authorities,

Personal information is not disclosed to unrelated third party suppliers of non-financial services.

The credit union may notify members that an order has been received, if the law allows it. (Notification may be by telephone or by letter to the member’s address on file or any other means that the credit union deems appropriate in the given circumstance).

3) Health records will only be collected to verify authority of trust representatives (account Management), for credit application purposes and credit related insurance sales. Health records will not be disclosed to, or received from any other unrelated organization.

4) Credit union policies and procedures will specify the shortest and longest periods of time it will keep personal information. Some of these time periods may be determined by legislation. If personal information has been used to make a decision about a member, the personal information will be kept long enough for the member to have access to it after the decision has been made.

5) The credit union will destroy, erase, or make anonymous any personal information no longer needed for its identified purposes or for legal requirements. The credit union will develop guidelines and implement procedures to govern the destruction of personal information.

Accuracy

Credit unions will keep personal information as accurate, complete, and up-to-date as necessary for the purposes for which it is to be used.

1) The extent to which personal information will be accurate, complete, and up-to-date will depend upon the use of the information taking into account the interests of the member. The credit union will rely on the member to keep certain personal information accurate, complete and current, such as name and address.

2) Credit unions will not routinely/automatically update personal information unless updating is necessary for the purposes for which the information is used.

3) Personal information that is used on an ongoing basis, including information that is disclosed to third parties, will generally be accurate and up-to-date.

Safeguard Personal Information

Credit unions will protect member’s personal information with safeguards appropriate to the sensitivity of the information.

1) The credit union will safeguard personal information from loss or theft and from unauthorized access, disclosure, copying, use or modification. Appropriate safeguards will be applied regardless of the format in which that information is held.

2) Credit union safeguards will vary depending on the sensitivity, amount, distribution, format, and storage of the personal information. The highest level of protection will be given to the most sensitive personal information.

3) Personal information will be safeguarded through appropriate security measures. For example:

Physical security, such as secure locks on filing cabinets and restricted access to offices,

Organizational security, such as controlled entry in data centres and limited access to relevant information on a “need to know” basis,

Electronic security, such as passwords, personal identification numbers and encryption.

Investigative measures, in cases where Lakeland Credit Union has reasonable grounds to believe that personal information is being inappropriately collected, used or disclosed.

4) Employees, directors and officers will be regularly informed about the credit union’s policies and procedures for protecting member personal information and will emphasize the importance of complying with them. Employees and directors will be required to sign an oath of ethical conduct annually including commitment to keep member’s personal information in strict confidence.

5) Credit unions may disclose personal information to third parties for example; printing cheques, data processing services, collection, credit bureau reports, or for the supply of other goods and services. Credit unions will require that these third parties safeguard all personal information in a way that is consistent with safeguards credit unions would apply to personal information in their control.

6) Credit unions will use care when disposing of, or destroying personal information, to prevent unauthorized access to the information.

Openness

Credit unions will make the policies and procedures used to manage personal information readily available.

1) Credit unions will make available to members information about the policies and procedures used to protect privacy in accordance with this code. Credit unions will make available copies of this privacy code.

2) The privacy information made available will include:

The title and office address of the person (persons) in the credit union who is (are) responsible for protecting the privacy of members’ personal information, so members know where to address complaints and questions,

How to access member personal information held by the credit union, to review its accuracy,

What type of personal information is controlled by the credit union and its use,

The personal information disclosed to subsidiaries, affiliates, or other suppliers of the credit union,

A copy of any brochures or other information that explains the credit union’s policies, procedures, standards, or codes.

3) Credit unions may make information about its privacy policies and procedures available in a variety of ways, depending on the nature of the service members are using and the sensitivity of the personal information. For example, a credit union may make brochures available in its branches, mail information to its members, establish a toll-free telephone service, or provide on-line access.

Individual Access

When members request it, credit unions will tell them what personal information the credit union has, what it is being used for, and to whom it has been disclosed.

Members may challenge the accuracy and completeness of personal information in the credit union’s control and have it amended as appropriate.

When members request it, the credit union will give them access to their personal information.

Note: Exceptions to the access requirement will be limited and specific.

1) A member has the right to know, by request, what personal information the credit union has in its control and to obtain access to that information.

2) Members may be requested to assist the credit union in locating information by providing information required for the search. Information provided will only be used for the purpose of assisting in a search.

3) Credit unions will be as specific as possible in identifying the type of information and the identity of third parties to which information has been disclosed including a list of organizations that may receive personal information.

4) Credit unions will respond to member requests within a reasonable time and at no cost, or reasonable cost to the member. The requested information shall be provided or made available in a form that is easy to understand. For example, if the credit union uses abbreviations or codes to record information, an explanation will be provided.

5) In some cases, the credit union may not be able to provide the personal information that is in its control. Each credit union will seek to limit these cases, and make them specific in policies and procedures. For example, some personal information may not be provided, or not provided in full, because:

Providing access would likely reveal personal information about a third party, unless such information can be severed from the record or the third party consents to the disclosure, or the information is needed due to a threat to life, health or security;

The personal information has been requested by a government institution for the purposes of enforcing any law of Canada, a province or a foreign jurisdiction, carrying out any investigation related to the enforcement of any law, the administration of any law, the protection of national security, the defense of Canada or the conduct of international affairs;

The information is protected by solicitor-client privilege;

Providing access would reveal confidential commercial information, provided this information cannot be severed from the file containing other information requested by the Member;

Providing access could reasonably be expected to threaten the life or security of another person, provided this information cannot be severed from the file containing other information requested by the Member;

The information was collected without the knowledge or consent of the Member for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province;

The information was generated in the course of a formal dispute resolution process.

6) When a member successfully demonstrates the inaccuracy or incompleteness of personal information, the credit union shall amend the information as required. Depending upon the nature of the information challenged, amendment involves the correction, deletion, or addition of information. Where appropriate, the amended information shall be forwarded to third parties having access to the information in question.

7) If a credit union denies the member’s request for access to personal information, the member must be told why. The member may then question the decision under the procedures in this privacy code. When a challenge is not resolved to the satisfaction of the member, the substance of the unresolved challenge will be recorded by the credit union. When appropriate, the existence of the unresolved challenge will be transmitted to third parties having access to the information in question.

Compliance

Members are welcome to question credit unions concerning compliance with this privacy code. Credit unions will have policies and procedures for responding to member questions.

1) The credit union will have policies and procedures to receive, investigate, and respond to member’s questions and concerns relating to personal information.

The process will be easily accessible and simple to use.

It will be clear whom members must contact with a question or concern. The designated individual accountable for the credit union’s compliance will be known to staff and identified to the membership periodically.

2) All members will have the right to take concerns that are not satisfactorily resolved to the Board for final arbitration. The credit union will inform members who make inquiries or lodge complaints of the existence of relevant complaint mechanisms.

3) Credit unions will investigate all concerns. If the credit union finds a concern justified, the credit union will have an appropriate resolve, including changing policies and procedures to ensure other members will not experience the same situation.